
CLAIMS:

1. A method for controlling customer resources for network traffic delivery, 
comprising: 

tracking network utilization of a group of endpoints on a network to generate group 
utilization level information corresponding to a current amount of network resource 
consumption by the group; 

receiving a message corresponding to a request for network resources for a data flow 
for one of the endpoints, the request including an identifier associated with the one endpoint; 
and 

determining whether the request is to be accepted based on the group utilization level 
information, the identifier, and a predetermined profile, the predetermined profile being 
associated with the group and including a network utilization limit. 

2. The method of claim 1, wherein the step of receiving comprises: 

receiving the request from one of a router and a packet switch, associated with the one 
endpoint; and 

wherein the method further comprises the step of: 

forwarding to the router the result of the decision whether to accept the request. 

3. The method of claim 2, wherein the router is a policy enforcement point (PEP), and 
the method further comprises the step of: 

receiving, from the PEP, the request for network resources for a data flow for the one 
endpoint. 

4. The method of claim 3, further comprising the step of:

performing the steps of tracking, receiving, and determining on a server that forms a 
policy decision point. 

5. The method of claim 1, wherein the step of determining comprises the step of:

applying a policy rule, using the group utilization level information, the identifier, and
the predetermined profile to determine whether the group exceeds the network utilization
limit.

6. The method of claim 5, wherein the policy rule in the step of applying comprises:

an access control rule, an attempt rate rule, a bandwidth rule, a maximum concurrent
flow rule, and a flow time limit rule.

7. The method of claim 1, wherein the group is associated with a reserved bandwidth
service logical access port (RLAP) and the method further comprises the steps of:

tracking network utilization of the RLAP, the RLAP including the one endpoint to 
generate RLAP utilization level information corresponding to a current amount of network 
resource consumption by the RLAP; and 

wherein the step of determining comprises the step of: 

determining whether the request is to be accepted based on the RLAP utilization level 
information and another predetermined profile that is associated with the group, includes a 
corresponding network utilization limit. 

8. The method of claim 1, further comprising the step of: 

adjusting the group utilization level information, when the request is accepted, to
reflect the installment of the request and the corresponding increase in network resources 
consumption. 

9. The method of claim 8, further comprising the step of: 

receiving another message corresponding to a discontinuance of the data flow and to 
the availability of network resources formerly consumed by the data flow; and 

adjusting the group utilization level information to reflect the availability of the 
network resources formerly consumed by the data flow. 

10. A system for controlling customer resources for network traffic delivery, 
comprising: 

means for tracking network utilization of a group of endpoints on a network to 
generate group utilization level information corresponding to a current amount of network 
resource consumption by the group; 

means for receiving a message corresponding to a request for network resources for a 
data flow for one of the endpoints, the request including an identifier associated with the one 
endpoint; and 

means for determining whether the request is to be accepted based on the group 
utilization level information, the identifier, and a predetermined profile, the predetermined 
profile being associated with the group and including a network utilization limit. 

11. The system of claim 10, wherein the means for receiving comprises: 

means for receiving the request from one of a router and a packet switch associated
with the one endpoint; and 

wherein the system further comprises: 

means for forwarding to the router the result of the decision whether to accept the 
request. 

12. The system of claim 11, wherein the router comprises: 
a policy enforcement point (PEP); and 

wherein the system further comprises: 

means for receiving, from the PEP, the request for network resources for a data flow 
for the one endpoint. 

13. The system of claim 12, further comprising: 

a server forming a policy decision point, said server including the means for tracking, 
the means for receiving, and the means for determining. 

14. The system of claim 10, wherein the means for determining comprises:

means for applying a policy rule, using the group utilization level information, the
identifier, and the predetermined profile to determine whether the group exceeds the network
utilization limit.

15. The system of claim 14, wherein the policy rule comprises: 

an access control rule, an attempt rate rule, a bandwidth rule, a maximum concurrent
flow rule, and a flow time limit rule. 

16. The system of claim 10, wherein the group is associated with a reserved 
bandwidth service logical access port (RLAP), said RLAP including the group; and 

wherein the system further comprises: 

means for tracking network utilization of the RLAP, the RLAP including the one 
endpoint to generate RLAP utilization level information corresponding to a current amount of 
network resource consumption by the RLAP; and 

wherein the means for determining further comprises: 

means for determining whether the request is to be accepted based on the RLAP 
utilization level information and another predetermined profile that is associated with the 
group includes a corresponding network utilization limit. 

17. The system of claim 10, further comprising: 

means for adjusting the group utilization level information, when the request is 
accepted, to reflect the installment of the request and the corresponding increase in network 
resources consumption. 

18. The system of claim 17, further comprising: 

means for receiving another message corresponding to a discontinuance of the data 
flow and to the availability of network resources formerly consumed by the data flow; and 

means for adjusting the group utilization level information to reflect the availability of 
the network resources formerly consumed by the data flow. 

19. A computer readable medium storing program instructions for execution on a
computer system, which when executed by a computer, cause the computer to perform the 
steps of: 

tracking network utilization of a group of endpoints on a network to generate group 
utilization level information corresponding to a current amount of network resource 
consumption by the group; 

receiving a message corresponding to a request for network resources for a data flow 
for one of the endpoints, the request including an identifier associated with the one endpoint; 
and 

determining whether the request is to be accepted based on the group utilization level 
information, the identifier, and a predetermined profile, the predetermined profile being 
associated with the group and including a network utilization limit. 

20. The computer readable medium of claim 19, wherein the step of receiving 
comprises: 

receiving the request from one of a router and a packet switch associated with the one 
endpoint; and 

wherein the computer readable medium further includes program instructions for 
causing the computer to perform the step of: 

forwarding to the router the result of the decision whether to accept the request. 

21. The computer readable medium of claim 20, wherein the router is a policy 
enforcement point (PEP), and the computer readable medium further includes program 
instructions for causing the computer to perform the step of: 

receiving, from the PEP, the request for network resources for a data flow for the one
endpoint. 

22. The computer readable medium of claim 21, wherein the computer readable 
medium further comprises program instructions for causing the computer to form a policy 
decision point independent of said PEP. 

23. The computer readable medium of claim 19, wherein the step of determining 
comprises the step of: 

applying a policy rule, using the group utilization level information, the identifier, and 
the predetermined profile to determine whether the group exceeds the network utilization 
limit. 

24. The computer readable medium of claim 23, wherein the policy rule in the step of 
applying comprises: 

an access control rule, an attempt rate rule, a bandwidth rule, a maximum concurrent 
flow rule, and a flow time limit rule. 

25. The computer readable medium of claim 19, wherein the group is associated with
a reserved bandwidth service logical access port (RLAP), and the computer readable medium
further includes program instructions for causing the computer to perform the step of:

tracking network utilization of the RLAP, the RLAP including the endpoint to
generate RLAP utilization level information corresponding to a current amount of network
resource consumption by the RLAP; and

wherein the step of determining comprises the step of:

determining whether the request is to be accepted based on the RLAP utilization level 
information and another predetermined profile that is associated with the group includes a 
corresponding network utilization limit. 

26. The computer readable medium of claim 19, wherein the computer readable 
medium further includes program instructions for causing the computer to perform the step 
of: 

adjusting the group utilization level information, when the request is accepted, to 
reflect the installment of the request and the corresponding increase in network resources 
consumption. 

27. The computer readable medium of claim 26, wherein the computer readable
medium further includes program instructions for causing the computer to perform the steps
of:

receiving another message corresponding to a discontinuance of the data flow and to 
the availability of network resources formerly consumed by the data flow; and 

adjusting the group utilization level information to reflect the availability of the 
network resources formerly consumed by the data flow. 

28. A memory for storing information for controlling customer resources for network 
traffic delivery, comprising a data structure including: 

a field for storing a first identifier corresponding to a policy enforcement point; 

a field for storing a second identifier corresponding to a group of endpoints on a
network, the group of endpoints being associated with the policy enforcement point; and 

a field for storing predetermined network utilization limit information for the group. 

29. The memory according to claim 28, wherein the field for storing group utilization 
limit information comprises: 

a field for storing a limit for a number of flow request attempts by the group occurring 
during a time period; 

a field for storing a limit for an amount of bandwidth currently in use by the group;
and

a field for storing a limit for a number of flows currently active for the group. 

30. A memory for storing information for controlling customer resources for network 
traffic delivery, comprising a data structure including: 

a field for storing a first identifier corresponding to a policy enforcement point; 

a field for storing a second identifier corresponding to a group of endpoints on a 
network, the group of endpoints being associated with the policy enforcement point; and 

a field for storing network utilization level information for the group, the network 
utilization level information corresponding to a current amount of network resource 
consumption by the group. 

31. The memory of claim 30, wherein the field for storing group utilization level 
information comprises: 



a field for storing a number of flow request attempts by the group occurring during a 
time period; 

a field for storing an amount of bandwidth currently in use by the group; and

a field for storing a number of flows currently active for the group.
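
An illustrative sketch of the admission decision recited in claims 1, 5, 6, 8 and 9, using the record fields of claims 28 to 31. It is an added example, not code from the patent; every class, field and reason name and the kbps unit are assumptions, and the flow time limit rule is left out.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class GroupProfile:         # per-group limits (claims 28-29); names are hypothetical
    pep_id: str
    group_id: str
    members: frozenset      # endpoint identifiers allowed to request flows
    max_attempts: int       # flow request attempts allowed per window
    window_s: float
    max_kbps: int           # bandwidth in use at once (unit is an assumption)
    max_flows: int          # concurrently active flows

@dataclass
class GroupUsage:           # current consumption (claims 30-31)
    attempts: list = field(default_factory=list)   # request timestamps
    flows: dict = field(default_factory=dict)      # flow_id -> kbps in use

class PolicyDecisionPoint:
    def __init__(self, profile):
        self.profile, self.usage = profile, GroupUsage()
    def request(self, now, endpoint_id, flow_id, kbps):
        p, u = self.profile, self.usage
        # Access control first: unknown identifiers never touch group counters.
        if endpoint_id not in p.members:
            return False, "access-control"
        # Attempt rate: count every member attempt inside the sliding window.
        u.attempts = [t for t in u.attempts if now - t < p.window_s] + [now]
        if len(u.attempts) > p.max_attempts:
            return False, "attempt-rate"
        # A non-positive or duplicate request would corrupt the accounting.
        if kbps <= 0 or flow_id in u.flows:
            return False, "invalid-request"
        if len(u.flows) >= p.max_flows:
            return False, "max-concurrent-flows"
        if sum(u.flows.values()) + kbps > p.max_kbps:
            return False, "bandwidth"
        u.flows[flow_id] = kbps          # claim 8: record the installed flow
        return True, "accepted"

    def release(self, flow_id):          # claim 9: flow ended, resources freed
        return self.usage.flows.pop(flow_id, None) is not None

def demo():
    # Constructed sample: two-member group, 1000 kbps and 2 flows allowed.
    prof = GroupProfile("pep-1", "grp-A", frozenset({"ep1", "ep2"}), 5, 60.0, 1000, 2)
    pdp = PolicyDecisionPoint(prof)
    calls = [(0, "ep9", "f0", 100), (1, "ep1", "f1", 600), (2, "ep2", "f2", 600)]
    out = [pdp.request(*c)[1] for c in calls]
    pdp.release("f1")                    # f1 ends, its 600 kbps become available
    return out + [pdp.request(3, "ep2", "f2", 600)[1]]
```

Rejected requests from group members still count toward the attempt rate, while requests carrying an identifier outside the group are refused before any group counter changes.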